This reduces coverage since one test case needed to be removed. Its not that easy anymore to pass a custom scope into a tested application. It gets verified that no invalid authentication is possible though. Proper testing should be done with another issue.
